According to Corvus Insurance, ransomware activity surged in the first quarter of 2024, marking a 21% increase over the same period in 2023, despite disruptions to major ransomware groups like LockBit and ALPHV/BlackCat. This article has been indexed from Cyware…
Category: Cyware News – Latest Cyber News
Novel TunnelVision Attack Against Impacts Virtually All VPN Apps Through DHCP Server Manipulation
The TunnelVision attack is a newly discovered method that can compromise the security of most Virtual Private Network (VPN) applications by diverting traffic away from the encrypted tunnel, exposing it to potential interception. This article has been indexed from Cyware…
Mastodon Delays Firm Fix to Solve Link Preview DDoS Issue
Mastodon delayed a firm fix for link preview DDoS issues, pushing it back to version 4.4.0 from the expected 4.3.0 release. The issue arises from the decentralized nature of Mastodon, where link previews generate excessive traffic on host servers. This…
WordPress Plugin Exploit Impacts Over 90,000 Websites
The vulnerability, which has a CVSS score of 9.8, is a SQL injection flaw that allows attackers to execute unauthorized SQL queries and potentially compromise the integrity and confidentiality of the WordPress database. This article has been indexed from Cyware…
Citrix Addresses High-Severity NetScaler Servers Flaw
Citrix appears to have quietly addressed a vulnerability in its NetScaler ADC and Gateway appliances that gave remote, unauthenticated attackers a way to obtain potentially sensitive information from the memory of affected systems. This article has been indexed from Cyware…
Anetac Raises $16M in Funding
Anetac, a startup protecting companies from blind spots of service accounts in hybrid environments, raised $16M in funding. The round was led by Liberty Global with participation from Shield Capital, GP Ventures, Anetac CEO Tim Eades and Jason Witty. This…
NATO and the EU Formally Condemned APT28 Cyber Espionage
The nation-state actor APT28 exploited the zero-day flaw CVE-2023-23397 in attacks against European entities since April 2022. The Russia-linked APT also targeted NATO entities and Ukrainian government agencies. This article has been indexed from Cyware News – Latest Cyber News…
NiceCurl and TameCat Custom Backdoors Leveraged by Damselfly APT
The Damselfly Advanced Persistent Threat (APT) group, also known as APT42, has been actively using custom backdoor variants, NiceCurl and TameCat, to infiltrate Windows machines. This article has been indexed from Cyware News – Latest Cyber News Read the original…
HijackLoader Evolves with New Evasion Techniques
HijackLoader is a modular malware loader that is used to deliver second-stage payloads including Amadey, Lumma Stealer, Racoon Stealer v2, and Remcos RAT. HijackLoader decrypts and parses a PNG image to load the next stage. This article has been indexed…
Belgium’s Aikido Lands $17M Series A for its Security Platform Aimed at Developers
Aikido, a startup based in Ghent, Belgium, has secured a $17 million Series A funding to develop its innovative security platform tailored for developers. The round was led by Singular, with participation from Notion Capital and Connect Ventures. This article…
Russian GRU Hackers Compromised German, Czech Targets
The German and Czech governments have publicly disclosed that Russian military intelligence hackers, known as APT28, have been involved in an espionage campaign targeting political parties and critical infrastructure in both countries. This article has been indexed from Cyware News…
Organizations Patch CISA KEV List Bugs 3.5 Times Faster Than Others, Researchers Find
The median time to patch bugs listed in the CISA’s Known Exploited Vulnerabilities (KEV) catalog is 174 days, compared to 621 days for non-KEV vulnerabilities, according to an analysis by Bitsight. This article has been indexed from Cyware News –…
Finland Warns of Android Malware Attacks Breaching Bank Accounts
Finland’s Transport and Communications Agency (Traficom) highlighted multiple cases of SMS messages written in Finnish that instruct recipients to call a number. The scammer answers the call instructs victims to install a McAfee app for protection. This article has been…
Law Enforcement Seized LockBit Group’s Website Again
Law enforcement authorities seized the Lockbit group’s Tor website again and they plan to reveal the identities of the LockBitSupps and other gang members on May 7, 2024. This article has been indexed from Cyware News – Latest Cyber News…
Ransom Recovery Costs Reach $2.73 Million
Ransom recovery costs have surged, with the average payment reaching $2 million, a 500% increase from the previous year. Excluding ransoms, the average cost of recovery has risen to $2.73 million, up by almost $1 million, according to Sophos. This…
LayerX Raises $26 Million for its Browser Security Platform
The Israeli startup founded in 2022 by Or Eshed and David Weisbrot has raised $26 million in Series A funding. This round, led by Glilot+ and with participation from Dell Technologies Capital, brings LayerX’s total investment to $34 million. This…
Microsoft, Google Widen Passkey Support for Its Users
Passkeys are gaining widespread adoption as an alternative to traditional passwords for digital authentication. Major tech companies like Microsoft, Google, and Bitwarden have recently expanded support for passkeys. This article has been indexed from Cyware News – Latest Cyber News…
Cisa Warned 1,750 Organizations of Ransomware Vulnerabilities Last Year. Only Half Took Action.
The Cybersecurity and Infrastructure Security Agency sent out alerts to critical infrastructure sectors, with only 852 organizations responding by patching, implementing controls, or taking devices offline. This article has been indexed from Cyware News – Latest Cyber News Read the…
Russia-Linked APT28 and Crooks are Still Using the Moobot Botnet
Trend Micro researchers revealed that the botnet, primarily operating through compromised Ubiquiti EdgeRouters, is used for various malicious activities such as credential harvesting, proxying network traffic, and hosting phishing landing pages. This article has been indexed from Cyware News –…
European Raids Shut Down Call Centers Used to ‘Shock and Cheat’ Victims
The criminal network was responsible for defrauding thousands of victims through fake police calls, investment fraud, or romance scams, Europol said. Scam callers posed as victims’ close relatives, bank employees, customer service, or police. This article has been indexed from…
Crypto Recovery Scams – And How They Add Insult to Injury
Crypto recovery scams involve fraudsters who offer to help victims recover stolen cryptocurrency in exchange for an upfront fee, but instead, they disappear after payment. This article has been indexed from Cyware News – Latest Cyber News Read the original…
Ukraine Records Increase in Financially Motivated Attacks by Russian Hackers
These hackers are employing sophisticated phishing techniques to distribute malicious software and target financial theft, with incidents steadily increasing over the past two years. This article has been indexed from Cyware News – Latest Cyber News Read the original article:…
CISA Urges Software Devs to Weed out Path Traversal Vulnerabilities
Path traversal vulnerabilities, also known as directory traversal, can be exploited by attackers to manipulate critical files, compromise security mechanisms, access sensitive data, and disrupt systems. This article has been indexed from Cyware News – Latest Cyber News Read the…
Android Bug can Leak DNS Traffic With VPN Kill Switch Enabled
The Android bug discovered by a Mullvad VPN user reveals that Android devices can leak DNS queries even with the “Always-on VPN” feature and “Block connections without VPN” option enabled. This article has been indexed from Cyware News – Latest…
“Dirty Stream” Attack Affects Popular Android Apps
A vulnerability in popular Android apps like Xiaomi File Manager and WPS Office could allow malicious apps to overwrite files in the vulnerable app’s home directory, potentially leading to code execution and unauthorized access to user data. This article has…
More Than Two Dozen Android Vulnerabilities Fixed
Xiaomi resolved 20 flaws, ensuring user safety by fixing issues like arbitrary access to system components and data leaks. Google also fixed six vulnerabilities, including geolocation access through the camera and arbitrary file access. This article has been indexed from…
North Korean Hackers Spoofing Journalist Emails to Spy on Experts
North Korean threat actors, specifically the Kimsuky group, are exploiting weakly configured DMARC protocols to spoof the email addresses of legitimate journalists, academics, and other experts in East Asian affairs. This article has been indexed from Cyware News – Latest…
DeepKeep Secures $10M in Seed Funding to Boost GenAI Protection Endeavors
Founded in 2021 by Rony Ohayon, DeepKeep specializes in AI-Native Trust, Risk, and Security Management (TRiSM). The platform caters to large corporations reliant on AI, GenAI, and LLM technologies for risk management and growth protection. This article has been indexed…
reNgine: Open-Source Automated Reconnaissance Framework for Web Applications
Developed to address limitations in existing tools, reNgine is beneficial for bug bounty hunters, penetration testers, and corporate security teams by automating and enhancing their information collection processes. This article has been indexed from Cyware News – Latest Cyber News…
Cybersecurity Consultant Arrested After Allegedly Extorting IT Firm
Vincent Cannady, a former cybersecurity consultant, was arrested for allegedly extorting a publicly traded IT company by threatening to disclose confidential data unless they paid him $1.5 million. This article has been indexed from Cyware News – Latest Cyber News…
AI-Driven Phishing Attacks Deceive Even the Most Aware Users
By automating and personalizing various aspects of the attack process, such as crafting convincing emails and creating realistic phishing pages, threat actors can deceive even the most aware users. This article has been indexed from Cyware News – Latest Cyber…
Investigation Uncovers Substantial Spyware Exports to Indonesia
An investigation by Amnesty International’s Security Lab revealed that Indonesia has been procuring powerful and invasive commercial spyware and surveillance products from international vendors, brokers, and resellers. This article has been indexed from Cyware News – Latest Cyber News Read…
Cybercriminals and Nation-State Actors Found Sharing Compromised Networks
Nation-state threat actors like Sandworm used their own dedicated proxy botnets, while APT group Pawn Storm had access to a criminal proxy botnet of Ubiquiti EdgeRouters. This article has been indexed from Cyware News – Latest Cyber News Read the…
US Charges 16 Over ‘Depraved’ Grandparent Scams
The scam involved call center workers impersonating the victims’ relatives, claiming they were in legal trouble or had been in an accident, and convincing the victims to send thousands of dollars to help them. This article has been indexed from…
Essential Steps for Zero-Trust Strategy Implementation
According to Gartner, 63% of organizations worldwide have fully or partially implemented a zero-trust strategy. For 78% of organizations implementing a zero-trust strategy, this investment represents less than 25% of the overall cybersecurity budget. This article has been indexed from…
Attack Report: Custom QR Code Phishing Templates
Hackers are using custom QR code templates that are personalized for each target organization, making the attacks appear more legitimate and increasing their chances of success. This article has been indexed from Cyware News – Latest Cyber News Read the…
NASA Doesn’t Know if Its Spacecraft Have Adequate Cyber Defenses, GAO Warns
NASA has been cautioned by the Government Accountability Office (GAO) for not having mandatory security guidance in place for its spacecraft acquisition policies and standards. This article has been indexed from Cyware News – Latest Cyber News Read the original…
Mal.Metrica Redirects Users to Scam Sites
Mal.Metrica is a significant malware campaign targeting vulnerabilities in popular WordPress plugins. It injects external scripts using domain names resembling legitimate services to redirect users to malicious sites. This article has been indexed from Cyware News – Latest Cyber News…
Why Cloud Vulnerabilities Need CVEs
Cloud services have introduced new challenges for vulnerability management, as organizations no longer control the underlying infrastructure and must focus on configuration management rather than just patching. This article has been indexed from Cyware News – Latest Cyber News Read…
Finnish Psychotherapy Center Cyber-Blackmailer Gets Six Years
The district court of Länsi-Uusimaa, Finland, sentenced Aleksanteri Kivimäki, 26, on Tuesday for crimes against the Vastaamo center and those in its care, which included more than 20,000 extortion attempts. This article has been indexed from Cyware News – Latest…
New Goldoon Botnet Targeting D-Link Devices Using Decade-Old Flaw
This botnet exploits the CVE-2015-2051 flaw to download a dropper script, and then deploys the Goldoon malware for DDoS attacks. The botnet uses various autorun methods for persistence and connects to a C2 server for instructions. This article has been…
CISA Adds GitLab Flaw to its Known Exploited Vulnerabilities Catalog
This flaw allows for an account takeover via Password Reset, enabling attackers to hijack accounts without any interaction. The affected versions range from 16.1 to 16.7, with GitLab releasing patches for versions 16.1.6 to 16.7.2. This article has been indexed…
HPE Aruba Networking Fixes Four Critical RCE Flaws in ArubaOS
HPE Aruba Networking has issued its April 2024 security advisory detailing critical remote code execution (RCE) vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system. This article has been indexed from Cyware News – Latest Cyber News Read…
Vulnerability Exploits Triple as Initial Access Point for Breaches
According to Verizon’s 2024 Data Breach Investigations Report, this method of gaining unauthorized access leading to a breach accounted for 14% of malicious actors’ way into a network. It is the third most used after credential theft and phishing. This…
SafeBase Raises $33M in Series B to Accelerate Vision for Friction-Free Security Reviews
Elisity, a leader in identity-based microsegmentation, has secured $37 million in Series B funding from Insight Partners to enhance its AI capabilities for cyber threat anticipation. This article has been indexed from Cyware News – Latest Cyber News Read the…
Cyber Startup Oasis Secures $35 Million Series A Extension, Doubles Valuation
The extension round was led by existing investors Accel, Cyberstarts, and Sequoia Capital, along with private investors. Oasis has now raised a total of $75 million, including its seed round and previous Series A. This article has been indexed from…
AI is Creating a New Generation of Cyberattacks
Most businesses see offensive AI fast becoming a standard tool for cybercriminals, with 93% of security leaders expecting to face daily AI-driven attacks, according to Netacea. This article has been indexed from Cyware News – Latest Cyber News Read the…
US Warns of Russian Hackers Targeting Operational Technology in Water Systems
The alert says that water operators are employing poor security standards that have allowed the hackers to breach their networks, including the use of default passwords that are included when the water system management tools are first installed. This article…
Iranian Hackers Impersonate Journalists in Social Engineering Campaign
A hacking group linked to the intelligence wing of Iran’s Revolutionary Guard Corps impersonated journalists and human rights activists as part of a social engineering campaign, according to research released Wednesday by Mandiant and Google Cloud. This article has been…
Corelight Gets $150M to Expand Detection, Improve Workflows
The latest investment will allow Corelight to deepen its relationship with existing partners, while extending its expertise from large enterprises and government entities to the enterprise sector. This article has been indexed from Cyware News – Latest Cyber News Read…
Island Raises $175 Million at $3 Billion Valuation
The $175 million Series D funding round for Island was led by new investor Coatue and existing investor Sequoia Capital, with additional funding from other existing investors. This article has been indexed from Cyware News – Latest Cyber News Read…
New Cuttlefish Malware Infects Routers to Monitor Traffic for Credential Theft
Black Lotus Labs says the malware has been active since at least July 2023. It is currently running an active campaign concentrated in Turkey, with a few infections elsewhere impacting satellite phone and data center services. This article has been…
CISA Unveils Guidelines for AI and Critical Infrastructure
The CISA on Monday released safety and security guidelines for critical infrastructure, a move that comes just days after the Department of Homeland Security announced the formation of a safety and security board focused on the same topic. This article…
New Wpeeper Android Malware Hides Behind Hacked WordPress Sites
A new Android backdoor malware named ‘Wpeeper’ has been spotted in at least two unofficial app stores mimicking the Uptodown App Store, a popular third-party app store for Android devices with over 220 million downloads. This article has been indexed…
Programming Language R Patches Code Execution Security Flaw
The vulnerability, tagged CVE-2024-27322, can be exploited by tricking someone into loading a maliciously crafted RDS (R Data Serialization) file into an R-based project, or by fooling them into integrating a poisoned R package into a code base. This article…
Patched Deserialization Flaw in Siemens Product Allows RCE
Researchers detailed a deserialization vulnerability in Siemens software used to monitor industrial energy consumption and attributed the flaw to the German conglomerate’s decision to use a programming method that has known security risks. This article has been indexed from Cyware…
New Latrodectus Malware Attacks Use Microsoft, Cloudflare Themes
Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious. This article has been indexed from Cyware News…
Belarus Secret Service Website Still Down After Hackers Claim the Breach
The hackers, known as the Belarusian Cyber-Partisans, announced their operation against the KGB late last week. The agency has not commented on the attack, but on Monday its website says that it is “in the process of development.” This article…
Microsoft Releases New-Open Source Tool for OT Security
Microsoft has released a new open-source security tool to close gaps in threat analysis for industrial control systems and help address increased nation-state attacks on critical infrastructure. This article has been indexed from Cyware News – Latest Cyber News Read…
Researchers Discover Coordinated Attacks on Docker Hub to Plant Millions of Malicious Repositories
Of the 4.79 million imageless Docker Hub repositories uncovered, 3.2 million of them are said to have been used as landing pages to redirect unsuspecting users to fraudulent sites as part of three broad campaigns. This article has been indexed…
KnowBe4 to Acquire Egress
KnowBe4, a Tampa Bay, FL-based provider of security awareness training and simulated phishing platform, is to acquire Egress Software Technologies, a London, UK-based company that specializes in adaptive and integrated cloud email security. This article has been indexed from Cyware…
Researchers Unveil Novel Attack Methods Targeting Intel’s Conditional Branch Predictor
Researchers have found two novel types of attacks that target the conditional branch predictor found in high-end Intel processors, which could be exploited to compromise billions of processors currently in use. This article has been indexed from Cyware News –…
Prompt Fuzzer: Open-Source Tool for Strengthening GenAI Apps
Prompt Fuzzer is interactive and user-friendly, allowing users to repeat the process as many times as needed to harden their system prompts and see their security score increase as the prompt becomes more resilient. This article has been indexed from…
UK Enacts IoT Cybersecurity Law
The Product Security and Telecommunications Infrastructure (PSTI) Act has come into effect, requiring manufacturers of consumer-grade IoT products sold in the UK to stop using guessable default passwords and have a vulnerability disclosure policy. This article has been indexed from…
Muddling Meerkat Hackers Manipulate DNS Using China’s Great Firewall
Discovered by Infoblox, the threat activity does not have a clear goal or motivation but demonstrates sophistication and advanced capabilities to manipulate global DNS systems. This article has been indexed from Cyware News – Latest Cyber News Read the original…
FCC Imposes $200 Million in Fines on Four US Carriers
The FCC has fined four major U.S. wireless carriers – AT&T, Sprint, T-Mobile, and Verizon – a total of nearly $200 million for unlawfully selling access to their customers’ real-time location data without consent. This article has been indexed from…
Google Rejected 2.28 Million Risky Android Apps From Play Store in 2023
Additionally, the tech giant reports that it identified and blocked 333,000 Google Play accounts that uploaded malware, fraudulent apps, or engaged in repeated grave policy violations. This article has been indexed from Cyware News – Latest Cyber News Read the…
Security Flaws in IRS Systems Pose Risk to Financial Statements, GAO Says
In its report, the GAO highlighted “new and continuing” shortcomings with information systems and the safeguarding of assets, issues that increase the likelihood of unauthorized access to sensitive IRS data. This article has been indexed from Cyware News – Latest…
The Darkgate Menace: Leveraging Autohotkey & Attempt to Evade SmartScreen
Researchers found a novel infection chain associated with the DarkGate malware, which is a Remote Access Trojan (RAT) developed using Borland Delphi and marketed as a Malware-as-a-Service (MaaS) offering on a Russian-language cybercrime forum. This article has been indexed from…
DDoS Attacks Continue, Post-Election, Against Russian Independent Media Site Meduza
In April, Meduza faced two large-scale distributed denial-of-service (DDoS) attacks, prompting it to reach out to Qurium to investigate their origin and composition, the researchers said. This article has been indexed from Cyware News – Latest Cyber News Read the…
More Than 800 Vulnerabilities Resolved Through CISA Ransomware Notification Pilot
The Ransomware Vulnerability Warning Pilot was unveiled in January 2023 as a program designed to “identify organizations with internet-accessible vulnerabilities commonly associated with known ransomware actors.” This article has been indexed from Cyware News – Latest Cyber News Read the…
British Intelligence Moves to Protect Research Universities From Espionage
The head of Britain’s domestic intelligence agency warned the country’s leading research universities on Thursday that foreign states are targeting their institutions and imperiling national security. This article has been indexed from Cyware News – Latest Cyber News Read the…
Report: 73% of SME Security Professionals Missed or Ignored Critical Alerts
IT staff at SMEs is overwhelmed by the complexity and demands of managing multiple tools in their security stack, leading them to miss critical severity events and weaken their company’s security posture, according to Coro. This article has been indexed…
DHS Announces AI Safety Board with OpenAI Founder, CEOs of Microsoft, Nvidia, IBM
Members will include representatives of tech companies, critical infrastructure entities, academia, and government agencies, as well as “leaders in the civil rights, civil liberties, and privacy communities,” DHS Secretary Alejandro Mayorkas said. This article has been indexed from Cyware News…
Know-Your-Customer Executive Order Facing Stiff Opposition From Cloud Industry
A controversial executive order that would require U.S. cloud companies to closely monitor the identities of their customers will move one step closer to the finish line next week amid opposition from the industry. This article has been indexed from…
Most People Still Rely on Memory or Pen and Paper for Password Management
A Bitwarden survey showed that 25% of respondents globally reuse passwords across 11-20+ accounts, and 36% admit to using personal information in their credentials publicly accessible on social media (60%) platforms and online forums (30%). This article has been indexed…
Palo Alto Updates Remediation for Max-Critical Firewall Bug
The vulnerability, tracked as CVE-2024-3400, has a CVSS score of 10 out of 10, and can allow an unauthenticated threat actor to execute arbitrary code with root privileges on the firewall device, according to the update. This article has been…
Japanese police create fake support scam payment cards to warn victims
The cards are labeled “Virus Trojan Horse Removal Payment Card” and “Unpaid Bill Late Fee Payment Card,” and were created by the Echizen Police in the Fukui prefecture in Japan as an alert mechanism. This article has been indexed from…
Analysis of Native Process CLR Hosting Used by AgentTesla
The initial infection vector is a Word document that downloads and executes a 64-bit Rust-compiled binary. This binary then downloads an encoded shellcode containing the AgentTesla payload. This article has been indexed from Cyware News – Latest Cyber News Read…
US Post Office Phishing Sites Get as Much Traffic as the Real One
Security researchers analyzing phishing campaigns that target United States Postal Service (USPS) saw that the traffic to the fake domains is typically similar to what the legitimate site records and it is even higher during holidays. This article has been…
Thousands of Qlik Sense Servers Open to Cactus Ransomware
Nearly five months after security researchers warned of the Cactus ransomware group leveraging a set of three vulnerabilities in Qlik Sense data analytics and BI platform, many organizations remain dangerously vulnerable to the threat. This article has been indexed from…
FBI: Fraudsters Using Fake Online Dating Verification Apps to Scam Lovers
The FBI published a warning on Friday about the scam, noting that it was akin to an offshoot of romance scams and pig butchering schemes that have proliferated in recent years. This article has been indexed from Cyware News –…
Zero-Day from 2017 Used Along With Cobalt Strike Loader in Unholy Alliance
The operation involves a malicious PPSX file that drops a custom loader for the Cobalt Strike Beacon malware. The loader employs various techniques to slow down analysis and bypass security solutions. This article has been indexed from Cyware News –…
New Brokewell Malware Takes Over Android Devices, Steals Data
The malware is delivered through a fake Google Chrome update that is shown while using the web browser. Brokewell is under active development and features a mix of extensive device takeover and remote control capabilities. This article has been indexed…
Godfather Banking Trojan Spawns 1.2K Samples Across 57 Countries
First discovered in 2022, Godfather — which can record screens and keystrokes, intercepts 2FA calls and texts, initiates bank transfers, and more — has quickly become one of the most widespread malware-as-a-service offerings in cybercrime. This article has been indexed…
Researchers Found 18 Vulnerabilities in Brocade SANnav
Three of the vulnerabilities could allow an attacker to send malicious data, intercept credentials sent in clear text, and potentially compromise the entire Fibre Channel infrastructure. This article has been indexed from Cyware News – Latest Cyber News Read the…
Autodesk Hosting PDF Files Used in Microsoft Phishing Attacks
Researchers discovered a sophisticated phishing campaign that is using compromised email accounts and Autodesk’s file sharing platform to steal Microsoft login credentials from victims. This article has been indexed from Cyware News – Latest Cyber News Read the original article:…
ThreatLocker Raises $115M in Series D Funding
The round was led by existing investor General Atlantic, with participation from other major investors StepStone Group and the D. E. Shaw group. The company intends to use the funds to drive product innovation and accelerate its global expansion. This…
Researchers Sinkhole PlugX Malware Server With 2.5 Million Unique IPs
Researchers have sinkholed a command and control server for a variant of the PlugX malware and observed in six months more than 2.5 million connections from unique IP addresses. This article has been indexed from Cyware News – Latest Cyber…
Attackers Leverage Black Hat SEO Techniques to Distribute Info-Stealer Malware
Threat actors utilize fraudulent websites hosted on popular legitimate platforms to spread malware and steal data. To evade detection, attackers employ obfuscation methods and checks on referral URLs. This article has been indexed from Cyware News – Latest Cyber News…
Vulnerabilities in Microsoft’s PlayReady DRM Could Enable Illegal Movie Downloads From Streaming Services
The research identified deficiencies in various PMP components that could be exploited to gain access to plaintext content keys guarded by PlayReady DRM in Windows 10/11 environments. This article has been indexed from Cyware News – Latest Cyber News Read…
Ring Customers Get $5.6 Million in Privacy Breach Settlement
The FTC is sending $5.6 million in refunds to Ring users whose private video feeds were accessed without consent by Amazon employees and contractors, or had their accounts and devices hacked because of insufficient security protections. This article has been…
Report: Security Leaders Braced for Daily AI-Driven Attacks by Year-End
Most businesses are concerned about AI-enabled cyber-threats, with 93% of security leaders expecting to face daily AI-driven attacks by the end of 2024, according to a new report by Netacea. This article has been indexed from Cyware News – Latest…
ArcaneDoor Hackers Exploit Cisco Zero-Days to Breach Government Networks
The hackers, identified as UAT4356 by Cisco Talos and STORM-1849 by Microsoft, began infiltrating vulnerable edge devices in early November 2023 in a cyber-espionage campaign tracked as ArcaneDoor. This article has been indexed from Cyware News – Latest Cyber News…
Feds Accuse Founders of Cryptocurrency Mixer of ‘Large-Scale Money Laundering’
The two founders of a cryptocurrency mixing service that allegedly obfuscated the origins of at least $100 million in criminal proceeds have been arrested, the Department of Justice announced Wednesday. This article has been indexed from Cyware News – Latest…
Maximum Severity Flowmon Bug has a Public Exploit, Patch Now
Flowon developer Progress Software first alerted about the flaw on April 4, warning that it impacts versions of the product v12.x and v11.x. The company urged system admins to upgrade to the latest releases, v12.3.4 and 11.1.14. This article has…
CISA Warns of Cisco and CrushFTP Vulnerabilities Being Actively Exploited
On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) added two Cisco product vulnerabilities — CVE-2024-20353 and CVE-2024-20359 — as well as one vulnerability affecting popular file transfer tool CrushFTP. This article has been indexed from Cyware News – Latest…
Google Meet opens client-side encrypted calls to non Google users
Google announced it is updating the client-side encryption mechanism for Google Meet to allow external participants, including those without Google accounts, to join encrypted calls. This article has been indexed from Cyware News – Latest Cyber News Read the original…
Chinese, Russian Espionage Campaigns Increasingly Targeting Edge Devices
Chinese and Russian hackers have turned their focus to edge devices — like VPN appliances, firewalls, routers and Internet of Things (IoT) tools — amid a startling increase in espionage attacks, according to Google security firm Mandiant. This article has…
Security Bugs in a Popular Phone-Tracking App Exposed Users’ Precise Locations
A security researcher discovered vulnerabilities in the popular phone-tracking app iSharing, which has over 35 million users. The bugs allowed a user to access others’ precise coordinates, even if the user wasn’t actively sharing their location data. This article has…